Oidc-SSH-ca
beta
Issues short-lived SSH certificates for GitHub Actions via OIDC.
Details
Oidc-SSH-ca is a small SSH certificate authority that generates ephemeral keys and issues short-lived OpenSSH user certificates to GitHub Actions callers authenticated via OIDC. It reduces the need to store long-term SSH private keys in secrets by replacing them with more secure, temporary credentials.
Best fit users
- DevOps teams
- Security teams
Why this one made the cut
This tool enhances security and operational efficiency by minimizing exposure of sensitive SSH key material and allowing granular control over workflow permissions through OIDC claims. It reduces the risk associated with long-term key management and supports compliance with stricter access policies.
What makes it different
Unlike traditional solutions, Oidc-SSH-ca is a lightweight, single-binary tool focused on GitHub Actions integration with minimal setup.